On Sun, Dec 28, 2008 at 3:25 PM, Karl Fife <karlf...@gmail.com> wrote:
> I just upgraded from 1.2 Embedded to 1.2.1 Embedded:
>
> Is the following a regression?
>
Yep - the SVG graphs used to not require any authentication, they were
open to anyone who had access to the port your webUI was running on if
you accessed that php page directly. Now that page won't load without
authentication. This is how m0n0wall has always done it, but we went
through and tightened up some things including this. But the way it
was done apparently only worked right with Firefox. Many of our devs
including the one who made that change are Mac users, or exclusively
use Firefox, which is likely how this wasn't noticed sooner.
This has been fixed, I think. Please help test - Go to Diagnostics ->
Edit file, open /usr/local/www/graph.php. Replace:
if(!$_SERVER['PHP_AUTH_USER']) {
Header("Location: /");
exit;
}
with:
require("guiconfig.inc");
save the file, then try again. That works for me in Chrome, and still
requires the authentication.
On another note, upgrading embedded is of course a known pain point
with every embedded version to date, and hasn't been well tested - how
did you upgrade, and I presume everything else is working as prior to
upgrade?
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
